Router Security Configuration Guide    UNCLASSIFIED    Version 1.0g

4.1.2.    Router Software Versions

Cisco issues new IOS versions and upgrades fairly frequently, making it an administrative nightmare to keep all the routers on a large network up to date.  Newer versions of IOS fix bugs and vulnerabilities that existed in the older versions, and add new security features.  Keep your IOS as up to date as is practical.

A second problem is that the early versions of new IOS releases can be less robust than more mature, later versions (e.g. 12.0.1 was an early version of IOS Release 12, while 12.0.9 was a mature version of Release 12).  A good approach to this problem is to maintain operational routers with recent, but not cutting-edge, Cisco IOS releases.  This will allow others to find the bugs in the newer versions (and get them fixed).

The recommended minimum IOS release is IOS 11.3.  The recommended newest release would be the most recent “GD” version that is at least a month old (at the time of this writing, 12.0.12).  To check your IOS version, log in and enter the command show version.  For more details on IOS upgrades, see Sections 4.5 and 8.3.

4.1.3.    Router Configuration and Commands (IOS)

After connecting to a router and initially logging in, the system is in user mode, also known as EXEC mode.  EXEC mode gives limited access to the command set of the router.  Access to all the router commands, including the ability to change the configuration, is reserved for the privileged EXEC mode.  Typing the enable command at an EXEC mode prompt will give access to the privileged EXEC mode.  Privileged EXEC mode is sometimes called ‘enable mode’.

There are several configuration modes on a Cisco router.  To enter the global configuration mode (config), type the command configure terminal, commonly abbreviated “config t”.
In the global configuration mode a wide variety of overall router features and settings can be changed: banners, authentication systems, access lists, logging, routing protocols, and much more.  There are sub-modes which are used to configure specific settings for interfaces, lines, routing protocols, etc.  The list below describes some of the sub-modes.

- interface (config-if) is used to configure aspects of a particular interface like FastEthernet0, Ethernet 0/1, or Vlan2.
- line (config-line) is used to set up the console port, auxiliary port and virtual terminal lines.
- access-list:  There are two types of IP named access lists, extended (config-ext-n) and standard (config-std-n), which can be used instead of numbered lists.  Access-list mode is used for building named access lists.
- route (config-route) is where specific parameters can be set and modified for a selected routing protocol.

In addition to the standard authentication, authorization, and logging router functions, Cisco IOS 11.1 and later offer a comprehensive model for authentication, authorization, and accounting (AAA), the so-called ‘new model’.  See Section 4.1.6 for a brief description and Section 4.6 for more details.
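
The version policy of Section 4.1.2 can be checked across many routers from saved show version output. The Python below is an added example, not part of the original guide; it assumes the classic "Version X.Y(Z)" banner format, uses constructed sample lines, and the verdict names and the choice to send any release-train suffix to manual review are this example's own assumptions.

```python
import re

# Policy values from Section 4.1.2 of the guide.
MIN_RELEASE = (11, 3)          # recommended minimum IOS release
APPROVED_NEWEST = (12, 0, 12)  # newest vetted "GD" release at the time of writing

# Assumed banner format: "Version 12.0(9)", which the guide writes as 12.0.9.
VERSION_RE = re.compile(r"\bVersion (\d+)\.(\d+)\((\d+)[a-z]?\)([A-Z]\w*)?")

# Constructed sample lines (hypothetical router names, not captured output).
SAMPLES = {
    "edge-a": "IOS (tm) 2500 Software (C2500-I-L), Version 11.2(15), RELEASE SOFTWARE (fc1)",
    "edge-b": "IOS (tm) 2500 Software (C2500-I-L), Version 12.0(9), RELEASE SOFTWARE (fc1)",
    "core-a": "IOS (tm) C2600 Software (C2600-IS-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2)",
    "core-b": "IOS (tm) C2600 Software (C2600-IS-M), Version 12.1(1), RELEASE SOFTWARE (fc1)",
}

def parse_ios_version(show_version_text):
    """Return ((major, minor, maintenance), train_suffix) from show version output."""
    m = VERSION_RE.search(show_version_text)
    if m is None:
        raise ValueError("no IOS version string found")
    major, minor, maint = (int(g) for g in m.group(1, 2, 3))
    return (major, minor, maint), (m.group(4) or "")

def assess(show_version_text):
    """Classify one router against the policy; returns (dotted_version, verdict)."""
    version, train = parse_ios_version(show_version_text)
    dotted = ".".join(map(str, version)) + train
    if version[:2] < MIN_RELEASE:
        return dotted, "below-minimum"
    if train:
        # Assumption: a train suffix (T, XA, ...) is never auto-approved.
        return dotted, "non-mainline-train"
    if version > APPROVED_NEWEST:
        return dotted, "newer-than-approved"
    return dotted, "ok"

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, *assess(text))
```

Update APPROVED_NEWEST whenever a newer GD release has been out for at least a month and has been adopted as the site baseline.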